Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!spool.mu.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: campbell@dev8n.mdcbbs.com (Tim Campbell)
Newsgroups: comp.virus
Subject: Re: Virus questions (PC)
Message-ID: <0003.9102151914.AA09165@ubu.cert.sei.cmu.edu>
Date: 13 Feb 91 09:54:58 GMT
Sender: Virus Discussion List
Lines: 68
Approved: krvw@sei.cmu.edu

boone@athena.cs.uga.edu (Roggie Boone) writes:
> I have 4 questions regarding computer viruses.  I am rather new to the
> study of computer viruses and the texts that I have read have not answered
> these questions for me.

> 2) Are there anti-virus packages (for PC or any computer) that use
> artificial intelligence techniques to protect the system, or is such
> an effort overkill?

Depends on your idea of AI.  Some say any program that is user friendly,
say by not giving you menu choices that you aren't allowed to perform at
the moment constitutes an "expert system" - a form of AI.  If you're
referring to something extravagant that tries to figure out what some
program is up to, by searching a large AI database then your latter
answer is probably correct - it's overkill.  You'll be wasting more
memory, disk, and cpu than it's worth.

> 3) Not meaning to plant ideas, but I was talking with a faculty member
> in the dept. where I work, and the question arose as to whether a virus
> could be transmitted to an orbiting satellite and cause the same havoc
> that viruses cause us PC users.  Is this possible?

A virus must be able to "execute" somehow.  If a satellite is just
relaying "data", then no (unless of course some type of "trojan horse"
was planted already in the satellite's program to be "triggered" by some
data - but this would not truly be a "virus".)

> 4) I have also noticed that SCAN, for instance, scans basically the .EXE,
> .COM, .SYS, .OVL files in a directory.  Do viruses not infect .TXT or
> .DOC files or maybe C (Pascal, Basic) source code?

Similarly to number 3 above, the program must be able to "execute".  All
these files do that.  ".doc" and ".txt" files don't execute - so hooking
some viral instructions on could be done, but would accomplish little
except to probably corrupt the affected file.

Here's an interesting angle...
It is technically possible to write a virus out of ".bat" file
instructions to propagate itself to other ".bat" files.  I've never seen
or even heard of such a thing.  It would be relatively easy to detect
and remove, and it would be blatantly obvious to find out everything
about it (what it does, how it spreads, etc.) so to make such a virus
would probably be an exercise in futility.  But the point is simply that
it is "possible" by virtue of the fact that the ".bat" file is
executable.

You can carry this a step farther.  If it is possible to infect a ".bat"
file, then it is also possible to infect interpreter "basic" programs,
"dBase" programs, and practically every other "interpretive" language --
even a spreadsheet macro could be infected.  (although I'm not fluent in
macros so I'm uncertain about the ability of the macro to "propagate"
itself to other spreadsheets - the language in use imposes restrictions
upon what a virus can get away with.)

This brings us to your final question about source code.  Yes, a virus
can alter them.  But they can't execute unless they're compiled.  So a
virus here can't propagate without some intervening action.  In most
languages the virus would be obvious to anybody examining the source
code, but I can think of at least one way to plant a virus that would
almost NEVER be detected without a lot of thought (to someone browsing
the source) - so the dangerous possibility does exist.

-----------------------------------------------------------------------------
In real life: Tim Campbell - Electronic Data Systems Corp.
Usenet:       campbell@dev8.mdcbbs.com   @ McDonnell Douglas M&E - Cypress, CA
also:         tcampbel@einstein.eds.com  @ EDS - Troy, MI
Prodigy:      MPTX77A
CompuServe:   71631,654
P.S.  If anyone asks, just remember, you never saw any of this -- in fact,
      I wasn't even here.